fix mailbox tfa

This commit is contained in:
FreddleSpl0it 2022-08-31 11:31:55 +02:00
parent 90f77f6d5c
commit 2ed453a400


@ -937,11 +937,13 @@ function check_login($user, $pass, $app_passwd_data = false) {
} }
foreach ($rows as $row) { foreach ($rows as $row) {
// verify password // verify password
if ($app_passwd_data['eas'] !== true && $app_passwd_data['dav'] !== true){ if (verify_hash($row['password'], $pass) !== false) {
if (verify_hash($row['password'], $pass) !== false) { if (!array_key_exists("app_passwd_id", $row)){
// password is not a app password
// check for tfa authenticators // check for tfa authenticators
$authenticators = get_tfa($user); $authenticators = get_tfa($user);
if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) { if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0) {
// authenticators found, init TFA flow
$_SESSION['pending_mailcow_cc_username'] = $user; $_SESSION['pending_mailcow_cc_username'] = $user;
$_SESSION['pending_mailcow_cc_role'] = "user"; $_SESSION['pending_mailcow_cc_role'] = "user";
$_SESSION['pending_tfa_methods'] = $authenticators['additional']; $_SESSION['pending_tfa_methods'] = $authenticators['additional'];
@ -953,6 +955,7 @@ function check_login($user, $pass, $app_passwd_data = false) {
); );
return "pending"; return "pending";
} else { } else {
// no authenticators found, login successfull
// Reactivate TFA if it was set to "deactivate TFA for next login" // Reactivate TFA if it was set to "deactivate TFA for next login"
$stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user"); $stmt = $pdo->prepare("UPDATE `tfa` SET `active`='1' WHERE `username` = :user");
$stmt->execute(array(':user' => $user)); $stmt->execute(array(':user' => $user));
@ -960,22 +963,19 @@ function check_login($user, $pass, $app_passwd_data = false) {
unset($_SESSION['ldelay']); unset($_SESSION['ldelay']);
return "user"; return "user";
} }
} } elseif ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) {
} elseif ($app_passwd_data['eas'] === true || $app_passwd_data['dav'] === true) { // password is a app password
if (array_key_exists("app_passwd_id", $row)){ $service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV';
if (verify_hash($row['password'], $pass) !== false) { $stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)");
$service = ($app_passwd_data['eas'] === true) ? 'EAS' : 'DAV'; $stmt->execute(array(
$stmt = $pdo->prepare("REPLACE INTO sasl_log (`service`, `app_password`, `username`, `real_rip`) VALUES (:service, :app_id, :username, :remote_addr)"); ':service' => $service,
$stmt->execute(array( ':app_id' => $row['app_passwd_id'],
':service' => $service, ':username' => $user,
':app_id' => $row['app_passwd_id'], ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
':username' => $user, ));
':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
));
unset($_SESSION['ldelay']); unset($_SESSION['ldelay']);
return "user"; return "user";
}
} }
} }
} }
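Review bot: The reordering in the third hunk lets a plain mailbox password satisfy an EAS/DAV login: `verify_hash()` now runs before the app-password check, so a matching row without `app_passwd_id` takes the first branch and returns `"user"` (or starts the TFA flow), whereas the old code only reached `verify_hash()` for EAS/DAV when `app_passwd_id` was present. Whether such rows can appear in `$rows` for an EAS/DAV request depends on the query above this hunk, which is outside the view; if they can, the first branch should also require a non-EAS/DAV context, e.g. `if (!array_key_exists("app_passwd_id", $row) && $app_passwd_data['eas'] !== true && $app_passwd_data['dav'] !== true) {`. Separately, the new failure message in the last hunk, `'msg' => array('login_failed', $pass, $rows, $app_passwd_data, ...)`, stores the submitted password and the password-hash rows in `$_SESSION['return']`; that reads like a debugging leftover and should revert to `'msg' => 'login_failed'`. check_login's body starts and ends outside the hunks shown.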
@ -994,7 +994,7 @@ function check_login($user, $pass, $app_passwd_data = false) {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
'log' => array(__FUNCTION__, $user, '*'), 'log' => array(__FUNCTION__, $user, '*'),
'msg' => 'login_failed' 'msg' => array('login_failed', $pass, $rows, $app_passwd_data, array_key_exists("app_passwd_id", $row))
); );
sleep($_SESSION['ldelay']); sleep($_SESSION['ldelay']);